GDPR Compliance Policy – easykitchenflow.com

Last Updated: April 03, 2026

At easykitchenflow, we are committed to protecting the privacy and personal data of our users in full compliance with the General Data Protection Regulation (GDPR). This policy explains what personal data we collect, how we use it, the legal basis for processing, and your rights under the GDPR.

1. What Data We Collect

Email Addresses – Collected when you sign up for newsletters, create an account, or contact us.
Cookies and Tracking Technologies – We use first‑party cookies to remember your preferences and session information. Third‑party cookies from analytics services track usage patterns.
Analytics Data – Tools such as Google Analytics or Matomo provide aggregated insights into website traffic and user behaviour.

2. How We Protect Your Data

All data is transmitted via HTTPS (SSL/TLS), ensuring end‑to‑end encryption. Your personal information is stored on secure, ISO‑27001 certified servers with regular penetration testing and vulnerability scans. We implement strict access controls and audit logs to prevent unauthorized access.

We retain personal data only for as long as necessary to fulfil the purposes listed in this policy, or as required by law. Email addresses are kept for the duration of your subscription or until you request deletion. Analytics data is anonymised and retained for a maximum of 12 months.

3. Legal Basis for Processing

Consent – For marketing emails and newsletters. You can opt‑in or opt‑out at any time.
Legitimate Interest – For improving site performance, analysing traffic, and personalising user experience.

4. Your GDPR Rights

Right to Access

You have the right to request a copy of the personal data we hold about you, including the purposes of processing and the recipients to whom the data has been disclosed.

Right to Rectification

Should any personal data be inaccurate or incomplete, you can ask us to correct it.

Right to Erasure

Under certain circumstances, you can request the deletion of your personal data.

Right to Restrict Processing

You may request that we limit how we process your data, for example, while we verify its accuracy.

Right to Data Portability

You can obtain your personal data in a structured, commonly used format and transfer it to another controller.

Right to Object

You may object to processing for direct marketing, profiling, or legitimate interest purposes.

Right to Withdraw Consent

At any time you may withdraw your consent for data processing. This will not affect the lawfulness of processing carried out before withdrawal.

5. How to Exercise Your Rights

You may exercise any of the rights listed above by contacting us at [email protected]. Please include:

Your full name and contact information.
A clear description of the request (e.g., “I would like a copy of all personal data we hold about me”).
Any relevant identifiers (e.g., email address, user ID).

We will respond to your request within 30 days, as required by GDPR. If the request is complex, we may need up to 60 days but will inform you of any delay.

6. Data Retention Policy

Personal data is retained only as long as necessary:

Email addresses: retained while you remain subscribed or until deletion is requested.
Cookies: session cookies are deleted when the session ends; persistent cookies are retained for a maximum of 12 months.
Analytics: anonymised data is stored for 12 months; any personally identifying data is discarded immediately.

7. Security Measures

Transport Layer Security (TLS) encryption for all data in transit.
Encrypted storage using AES‑256 on our servers.
Multi‑factor authentication for internal staff accessing personal data.
Regular security audits and penetration tests.

8. Contact Information

If you have any questions about this policy, wish to exercise a GDPR right, or need assistance, please contact:

Data Protection Officer
[email protected]

We are committed to ensuring your privacy and will handle all requests with the utmost care and confidentiality.